Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistTrendmicroCVELIST:CVE-2022-45798
HistoryDec 22, 2022 - 9:24 p.m.

CVE-2022-45798

2022-12-2221:24:44
trendmicro
www.cve.org
cve-2022-45798
damage cleanup engine
local attacker
privilege escalation
symbolic link
file deletion
low-privileged code
exploit

0.0004 Low

EPSS

Percentile

16.1%

JSON

A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CNA Affected

[
  {
    "vendor": "Trend Micro, Inc.",
    "product": "Trend Micro Apex One",
    "versions": [
      {
        "version": "On Premise (14.0)",
        "status": "affected",
        "lessThan": "14.0.0.11136",
        "versionType": "semver"
      },
      {
        "version": "SaaS (14.0)",
        "status": "affected",
        "lessThan": "14.0.11840",
        "versionType": "semver"
      }
    ]
  }
]

Related

nvd 1
zdi 1
cve 1
prion 1
nessus 1
nvd
nvd
CVE-2022-45798
2022-12-24 00:15:08
zdi
zdi
Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability
2022-12-15 00:00:00
cve
cve
CVE-2022-45798
2022-12-24 00:15:08
prion
prion
Spoofing
2022-12-24 00:15:00
nessus
nessus
Trend Micro Apex One Multiple Vulnerabilities (000291830)
2023-02-13 00:00:00

0.0004 Low

EPSS

Percentile

16.1%

JSON
Related for CVELIST:CVE-2022-45798
nvd1zdi1cve1prion1nessus1